Students are a bit schizophrenic, and perhaps predictable, when it comes to privacy attitudes and practices

So, what do “typical” first year students at the University of Utah look like in terms of their attitudes and beliefs about privacy and surveillance?  What privacy practices do they follow and how accurate is their knowledge about privacy?

These and other questions were answered when  the 20 students (10 male and 10 female) enrolled in UGS 2260 “Privacy & Surveillance”  anonymously answered a 65 question survey before the first day of class.   What follows is a composite picture of the “average” class member, who we shall call by the androgynous name of “Pat.”

First, some demographics: 

Pat is 18 years of age, is from Utah, will likely major in political science or a science related field and intends to pursue an advanced degree.

Pat is social media savvy, having a Facebook, Instagram, Twitter, Snapchat, Vine and Google+ accounts.  However, she does not use Flickr or other photo sharing sites.  Pat has three email addresses and has used an opaque online user name which hides her real name as she believes anonymous speech is an important element of using the internet.  She does not subscribe to any RSS feeds, has never edited a Wikipedia page and is not a blog author, but she does post comments on blogs and online sites.  Pat’s primary source of news comes from social media and  although she sometimes reads online newspapers Pat never reads print newspapers for news.

Pat is also technologically savvy having first received a cell phone when she was 13 years old.   She maintains an online banking account, a frequent shopper digital account, orders and pays for products and services online, uses cloud storage and uses text messaging as the primary means of communicating with her friends when physically apart.  When communicating with her digital dinosaur parents and family she uses the phone.

Pat’s attitudes about privacy.

Pat is “somewhat uncomfortable” with the fact that some internet companies provide free services and in exchange collect personal information about her for advertising purposes , yet she uses such services and is willing to disclose personal information in exchange for the free services. She is only “mildly concerned” about her activities in public spaces being recorded, but believes that if a person takes a photograph of her in a public space that person should obtain her permission before posting it on the web.  Pat is of the strong view that she should be entitled to know what personal information about her is being collected by government and businesses and should also have the right  to delete personal information collected about her.  However, she is not willing to pay to either obtain or delete the information.  Pat views the privacy rights of public and private institutions in a markedly different manner.  She believes public institutions have an obligation to be transparent and have no right of privacy in how they operate.  On the other hand, private organizations have no obligation to be transparent and should have a right of privacy in their operations.  Interestingly, the distinction between public and private institutions does not extend to public and private individuals.  Both individuals, she says, are entitled to privacy in how they conduct their lives.   Pat places a higher value on privacy than institutional or personal security when the two are at odds and strongly believes that healthcare providers should not share her personal information even with other healthcare providers without her consent.

Pat’s privacy practices.

Although Pat believes Congress should enact Do-Not-Track legislation allowing her to opt out of online tracking, she believes it is the user who is primarily responsible for insuring the safe handling of personal information on online sites and networks, not government or the site owner.  Despite this latter view, however,  Pat’s efforts to protect her privacy are somewhat inconsistent and  lax.   She has password protected her mobile device , has modified the default privacy settings on some of her social networking accounts and sometimes turns off the geo-location feature on her phone.  On the other hand, she does not use separate passwords for her online accounts, has not enabled Google’s two-step authentication for her Gmail account, rarely clears her browser history, rarely deletes cookies from her computer and does not encrypt her emails.  She only “sometimes” reads a website’s privacy policy before establishing an account and she has not put a “Google alert” on her name.

Pat’s knowledge about privacy.

Like many people, Pat has several mistaken beliefs about online privacy.  She mistakenly believes that if a website has a privacy policy the site owner may not legally share  her personal information with other companies and must delete such information  on her request.  She does correctly know that a website does not need her permission to share her address and purchase history with the government, but erroneously believes that when she orders a pizza by phone for home delivery the pizza company may not sell her address or phone number to others.  Similarly, she incorrectly believes that when she gives her address and telephone number to the store cashier when making a purchase that the store may not sell that information absent her permission.

Any survey surprises?

Pat’s views and attitudes about privacy mirror the information learned from extensive surveys by the PEW Research Center.   See  Based on a 2013 national survey of persons aged 18-29, PEW concluded , among other things,  that young adults are more willing than older Americans to let companies use their personal data for commercial purposes, but are more skeptical about the government’s acquisition of personal information for purposes of combatting terrorism and better insuring personal safety.

It will be interesting to explore the reasons behind the privacy views of our class during the semester and to see if any views are changed as a result of the class.